Kmart Australia has announced a successful breach of its Australian online store.
Its breach notice says the compromised data includes customer name, “email address, delivery and billing address, telephone number and product purchase details”.
So, although there's plenty of information for someone to take a decent shot at identity theft, worry not, because your credit card data is safe behind ANZ Bank's payment gateway.
To be fair, the company should be commended for posting the notice at all. The permanent lackeydom of Australian governments to business lobbies means nobody in Canberra has the fortitude to introduce mandatory breach reporting laws. That state of affairs, for example, let Vodafone cover up the illegal access of a journalist's phone records for four years.
Kmart says only “a selection” (a retailer's choice of jargon there) of Australian customers were affected, it knows which ones, and has sent them e-mails warning them of the breach.
The retailer's contacted the AFP and the privacy commissioner, and says it's engaged forensic experts. Almost without precedent, its statement fails to tell customers "we take your security seriously". ®